Tuesday, November 13, 2012

Petraeus-Broadwell-Allen-Kelley emails—no encryption!

If this were fiction, no one would believe that the head of the CIA could be that dumb. And not only that—Broadwell assumed that her “anonymous” message to Kelley could not be traced! What planet are these people from?

For the past fifteen years I have preached (mostly to deaf ears) that the only fairly secure way to communicate secrets is (a) to use postal mail, and (b) to shred the letters after reading.

Note to Kelley:

In the future, send your threats only by mail. Handle the paper and envelope with rubber gloves. Use water, not saliva, when you close the flap. Drop in an outdoor mailbox far from home. One with no TV surveillance.

Note to Petraeus and Broadwell:

For various reasons, email is never secure. True, you were not actually sending the emails. Instead, using anonymous accounts, you merely composed messages and left them in a draft folder for the other to access. This is normally a secure way to communicate, but in this case the FBI did find the accounts and all your messages were in plain text! It appears, therefore, that the lack of encryption brought you two down.

Note to all readers:

If you don't yet have the third edition of How to Be Invisible, order it right now!


  1. Encryption is no protection from the law. Refusing to provide decrypted evidence in response to a court order will likely land you in prison for obstructing justice. See Shmoocon 2012: Destroying Evidence Before It's Evidence http://www.youtube.com/watch?v=lqBVAcxpwio&feature=related

    * Don't do illegal things unless there's a very good reason for doing so and you're willing to face the consequences of being caught
    * Don't generate evidence
    * Don't make it likely you're going to be caught

  2. For intelligence "professionals," they were not too bright. I would:

    1. At least encrypt the information using PGP or other reliable info.

    2. Use steganography and hide the info inside another file, like a JPG or MP3 file.

    3. If I were REALLY paranoid, I would post the innocent-looking files on a message board. The other person could access them, download them and then extract the info. This makes it harder to prove that two people are even communicating!

    4. Of course, as a distraction, I would post other pictures, which would, in fact, be nothing more than an island full of palm trees!

  3. First read the papers:

    Then you can write your opinion.

  4. Not to mention using encryption would definitely be a red flag for the CIA's firewall.

